CVE-2020-25712 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 32%

Affected Products (NVD)

Vendor	Product	Version
x.org	x_server	𝑥 < 1.20.10
redhat	enterprise_linux	8.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

xorg-server

bookworm	2:21.1.7-3+deb12u7 fixed
bookworm (security)	2:21.1.7-3+deb12u8 fixed
bullseye	2:1.20.11-1+deb11u13 fixed
bullseye (security)	2:1.20.11-1+deb11u14 fixed
sid	2:21.1.14-1 fixed
trixie	2:21.1.14-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

xorg

bionic	not-affected
focal	not-affected
groovy	not-affected
trusty	dne
xenial	not-affected

xorg-hwe-16.04

bionic	dne
focal	dne
groovy	dne
trusty	dne
xenial	not-affected

xorg-hwe-18.04

bionic	not-affected
focal	dne
groovy	dne
trusty	dne
xenial	dne

xorg-server

bionic	Fixed 2:1.19.6-1ubuntu4.8 released
focal	Fixed 2:1.20.8-2ubuntu2.6 released
groovy	Fixed 2:1.20.9-2ubuntu1.1 released
trusty	Fixed 2:1.15.1-0ubuntu2.11+esm3 released
xenial	Fixed 2:1.18.4-0ubuntu0.11 released

xorg-server-hwe-16.04

bionic	dne
focal	dne
groovy	dne
trusty	dne
xenial	Fixed 2:1.19.6-1ubuntu4.1~16.04.5 released

xorg-server-hwe-18.04

bionic	Fixed 2:1.20.8-2ubuntu2.2~18.04.4 released
focal	dne
groovy	dne
trusty	dne
xenial	dne

xorg-server-lts-utopic

bionic	dne
focal	dne
groovy	dne
trusty	dne
xenial	dne

xorg-server-lts-vivid

bionic	dne
focal	dne
groovy	dne
trusty	dne
xenial	dne

xorg-server-lts-wily

bionic	dne
focal	dne
groovy	dne
trusty	dne
xenial	dne

xorg-server-lts-xenial

bionic	dne
focal	dne
groovy	dne
trusty	dne
xenial	dne

openSUSE / SLES Releases

openSUSE Product

Release

xorg-x11-server

suse enterprise desktop 15 SP1	1.20.3-14.5.13.1 fixed
suse enterprise desktop 15 SP2	1.20.3-22.5.16.1 fixed
suse enterprise desktop 15 SP3	1.20.3-22.5.16.1 fixed
suse enterprise desktop 15 SP4	1.20.3-150400.36.7 fixed
suse enterprise desktop 15 SP5	21.1.4-150500.5.1 fixed
suse enterprise desktop 15 SP6	21.1.11-150600.3.2 fixed
suse enterprise desktop 15 SP7	21.1.15-150700.3.2 fixed
suse enterprise sap 12 SP5	1.19.6-10.20.1 fixed
suse enterprise sap 15 SP1	1.20.3-14.5.13.1 fixed
suse enterprise sap 15 SP2	1.20.3-22.5.16.1 fixed
suse enterprise sap 15 SP3	1.20.3-22.5.16.1 fixed
suse enterprise sap 15 SP4	1.20.3-150400.36.7 fixed
suse enterprise sap 15 SP5	21.1.4-150500.5.1 fixed
suse enterprise sap 15 SP6	21.1.11-150600.3.2 fixed
suse enterprise sap 15 SP7	21.1.15-150700.3.2 fixed
suse enterprise server 12 SP4	1.19.6-4.19.1 fixed
suse enterprise server 12 SP5	1.19.6-10.20.1 fixed
suse enterprise server 15	1.19.6-8.27.1 fixed
suse enterprise server 15 SP1	1.20.3-14.5.13.1 fixed
suse enterprise server 15 SP2	1.20.3-22.5.16.1 fixed
suse enterprise server 15 SP3	1.20.3-22.5.16.1 fixed
suse enterprise server 15 SP4	1.20.3-150400.36.7 fixed
suse enterprise server 15 SP5	21.1.4-150500.5.1 fixed
suse enterprise server 15 SP6	21.1.11-150600.3.2 fixed
suse enterprise server 15 SP7	21.1.15-150700.3.2 fixed

xorg-x11-server-Xvfb

suse enterprise desktop 15 SP5	21.1.4-150500.5.1 fixed
suse enterprise desktop 15 SP6	21.1.11-150600.3.2 fixed
suse enterprise desktop 15 SP7	21.1.15-150700.3.2 fixed
suse enterprise sap 15 SP5	21.1.4-150500.5.1 fixed
suse enterprise sap 15 SP6	21.1.11-150600.3.2 fixed
suse enterprise sap 15 SP7	21.1.15-150700.3.2 fixed
suse enterprise server 15 SP5	21.1.4-150500.5.1 fixed
suse enterprise server 15 SP6	21.1.11-150600.3.2 fixed
suse enterprise server 15 SP7	21.1.15-150700.3.2 fixed

xorg-x11-server-extra

suse enterprise desktop 15 SP1	1.20.3-14.5.13.1 fixed
suse enterprise desktop 15 SP2	1.20.3-22.5.16.1 fixed
suse enterprise desktop 15 SP3	1.20.3-22.5.16.1 fixed
suse enterprise desktop 15 SP4	1.20.3-150400.36.7 fixed
suse enterprise desktop 15 SP5	21.1.4-150500.5.1 fixed
suse enterprise desktop 15 SP6	21.1.11-150600.3.2 fixed
suse enterprise desktop 15 SP7	21.1.15-150700.3.2 fixed
suse enterprise sap 12 SP5	1.19.6-10.20.1 fixed
suse enterprise sap 15 SP1	1.20.3-14.5.13.1 fixed
suse enterprise sap 15 SP2	1.20.3-22.5.16.1 fixed
suse enterprise sap 15 SP3	1.20.3-22.5.16.1 fixed
suse enterprise sap 15 SP4	1.20.3-150400.36.7 fixed
suse enterprise sap 15 SP5	21.1.4-150500.5.1 fixed
suse enterprise sap 15 SP6	21.1.11-150600.3.2 fixed
suse enterprise sap 15 SP7	21.1.15-150700.3.2 fixed
suse enterprise server 12 SP4	1.19.6-4.19.1 fixed
suse enterprise server 12 SP5	1.19.6-10.20.1 fixed
suse enterprise server 15	1.19.6-8.27.1 fixed
suse enterprise server 15 SP1	1.20.3-14.5.13.1 fixed
suse enterprise server 15 SP2	1.20.3-22.5.16.1 fixed
suse enterprise server 15 SP3	1.20.3-22.5.16.1 fixed
suse enterprise server 15 SP4	1.20.3-150400.36.7 fixed
suse enterprise server 15 SP5	21.1.4-150500.5.1 fixed
suse enterprise server 15 SP6	21.1.11-150600.3.2 fixed
suse enterprise server 15 SP7	21.1.15-150700.3.2 fixed

xorg-x11-server-sdk

suse enterprise server 15

1.19.6-8.27.1

fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

egl-wayland

RHEL 8

0:1.1.5-3.el8

fixed

libX11

RHEL 8

0:1.6.8-4.el8

fixed

libX11-common

RHEL 8

0:1.6.8-4.el8

fixed

libX11-devel

RHEL 8

0:1.6.8-4.el8

fixed

libX11-xcb

RHEL 8

0:1.6.8-4.el8

fixed

libdrm

RHEL 8

0:2.4.103-1.el8

fixed

libdrm-devel

RHEL 8

0:2.4.103-1.el8

fixed

libglvnd

RHEL 8

1:1.3.2-1.el8

fixed

libglvnd-core-devel

RHEL 8

1:1.3.2-1.el8

fixed

libglvnd-devel

RHEL 8

1:1.3.2-1.el8

fixed

libglvnd-egl

RHEL 8

1:1.3.2-1.el8

fixed

libglvnd-gles

RHEL 8

1:1.3.2-1.el8

fixed

libglvnd-glx

RHEL 8

1:1.3.2-1.el8

fixed

libglvnd-opengl

RHEL 8

1:1.3.2-1.el8

fixed

libinput

RHEL 8

0:1.16.3-1.el8

fixed

libinput-devel

RHEL 8

0:1.16.3-1.el8

fixed

libinput-utils

RHEL 8

0:1.16.3-1.el8

fixed

libwacom

RHEL 8

0:1.6-2.el8

fixed

libwacom-data

RHEL 8

0:1.6-2.el8

fixed

libwacom-devel

RHEL 8

0:1.6-2.el8

fixed

mesa-dri-drivers

RHEL 8

0:20.3.3-2.el8

fixed

mesa-filesystem

RHEL 8

0:20.3.3-2.el8

fixed

mesa-libEGL

RHEL 8

0:20.3.3-2.el8

fixed

mesa-libEGL-devel

RHEL 8

0:20.3.3-2.el8

fixed

mesa-libGL

RHEL 8

0:20.3.3-2.el8

fixed

mesa-libGL-devel

RHEL 8

0:20.3.3-2.el8

fixed

mesa-libOSMesa

RHEL 8

0:20.3.3-2.el8

fixed

mesa-libOSMesa-devel

RHEL 8

0:20.3.3-2.el8

fixed

mesa-libgbm

RHEL 8

0:20.3.3-2.el8

fixed

mesa-libgbm-devel

RHEL 8

0:20.3.3-2.el8

fixed

mesa-libglapi

RHEL 8

0:20.3.3-2.el8

fixed

mesa-libxatracker

RHEL 8

0:20.3.3-2.el8

fixed

mesa-vdpau-drivers

RHEL 8

0:20.3.3-2.el8

fixed

mesa-vulkan-devel

RHEL 8

0:20.3.3-2.el8

fixed

mesa-vulkan-drivers

RHEL 8

0:20.3.3-2.el8

fixed

xorg-x11-drivers

RHEL 8

0:7.7-30.el8

fixed

xorg-x11-server-Xdmx

RHEL 7	0:1.20.4-15.el7_9 fixed
RHEL 8	0:1.20.10-1.el8 fixed

xorg-x11-server-Xephyr

RHEL 7	0:1.20.4-15.el7_9 fixed
RHEL 8	0:1.20.10-1.el8 fixed

xorg-x11-server-Xnest

RHEL 7	0:1.20.4-15.el7_9 fixed
RHEL 8	0:1.20.10-1.el8 fixed

xorg-x11-server-Xorg

RHEL 7	0:1.20.4-15.el7_9 fixed
RHEL 8	0:1.20.10-1.el8 fixed

xorg-x11-server-Xvfb

RHEL 7	0:1.20.4-15.el7_9 fixed
RHEL 8	0:1.20.10-1.el8 fixed

xorg-x11-server-Xwayland

RHEL 7	0:1.20.4-15.el7_9 fixed
RHEL 8	0:1.20.10-1.el8 fixed

xorg-x11-server-common

RHEL 7	0:1.20.4-15.el7_9 fixed
RHEL 8	0:1.20.10-1.el8 fixed

xorg-x11-server-devel

RHEL 7	0:1.20.4-15.el7_9 fixed
RHEL 8	0:1.20.10-1.el8 fixed

xorg-x11-server-source

RHEL 7	0:1.20.4-15.el7_9 fixed
RHEL 8	0:1.20.10-1.el8 fixed

Common Weakness Enumeration

CWE-122 - Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

References

https://bugzilla.redhat.com/show_bug.cgi?id=1887276

https://lists.x.org/archives/xorg-announce/2020-December/003066.html

https://bugzilla.redhat.com/show_bug.cgi?id=1887276

https://lists.x.org/archives/xorg-announce/2020-December/003066.html